英文:
Gorilla session package confusion
问题
从PHP背景出发,我对Gorilla sessions包有些困惑。
Gorilla sessions的行为类似于$_SESSION['name']
还是类似于PHP中的$_COOKIE['name']
?
我想尝试使用这两种方式为我的Go Web应用程序创建用户会话,但我不确定Gorilla sessions是否是一个好的选择。我希望那些没有点击登录表单上的“记住我”按钮的用户在关闭浏览器后会话被清除,而其他用户则会有一个与之关联的cookie。那么Gorilla sessions能够处理这两种情况吗?还是我应该在这种情况下使用其他的东西?
英文:
Coming from a PHP background I'm a little confuse about Gorilla sessions package.
Does Gorilla act similar to $_SESSION['name']
or does it act similar to $_COOKIE['name']
from PHP?
I'm trying to use both ways to create a user session for my Go web application, but I'm not sure if Gorilla sessions will be a good package to use. I want the users who didn't click on the "remember me" button on the login form to have their session erased after closing their browser, whereas everyone else will have a cookie associated with them. So would Gorilla sessions be able to handle both scenarios or should I use something else in this case?
答案1
得分: 7
这完全取决于你使用的存储后端。
gorilla/sessions 包内置了基于 cookie 和文件系统的存储方式。它没有内存存储方式,这与 PHP 的 $_SESSION
类似。
我的建议是:
- 使用内置的 cookie 存储方式,它使用签名的 cookie。它非常适合大多数情况,并且实现起来最简单。
- 如果你需要服务器端的会话(即在会话中存储大量值),可以从可用的实现中选择 - Redis、BoltDB、MySQL、Postgres 等。
我个人有使用 Redis 后端存储(redistore),效果非常好。如果你偏好使用 BoltDB(基于文件的键值存储)或 Postgres 存储,它们也是可靠的选择。
我希望那些没有点击登录表单上的“记住我”按钮的用户在关闭浏览器后会话被清除,而其他用户将有一个与他们关联的 cookie。那么 Gorilla sessions 能处理这两种情况吗?还是我应该在这种情况下使用其他东西?
请注意,所有实现都需要一个“cookie” - 只是这个 cookie 是自包含的存储,还是只包含一个指向后端存储中的行/值的标识符。
你可以通过设置 session.Options.MaxAge = 0
来设置“会话 cookie”(即只在标签页/浏览器会话期间有效),具体请参考 gorilla/sessions 文档的这一部分。
例如:
func MyHandler(w http.ResponseWriter, r *http.Request) {
session, err := store.Get(r, "session-name")
if err != nil {
http.Error(w, err.Error(), 500)
return
}
// 添加逻辑来检查 r.FormValue 是否选中了 remember_me 复选框。
// 临时会话
session.Options.MaxAge = 0
// 设置一些会话值。
session.Values["user"] = someUser
// 在写入响应/从处理程序返回之前保存会话。
session.Save(r, w)
}
希望对你有所帮助。
英文:
It entirely depends on which storage back-end you use.
The gorilla/sessions package has built-in cookie & filesystem based stores. There is no memory-based store, which is roughly what PHP's $_SESSION
is.
My recommendation:
- Use the built-in cookie store, which uses signed cookies. It is well suited for most purposes and is the easiest to implement.
- If you have a need for server-side sessions (i.e. storing large values in the session), pick from the available implementations - Redis, BoltDB, mySQL, Postgres, etc.
I have first-hand experience with the Redis backed store (redistore), which has been great. The BoltDB (a file-based key store) and Postgres stores are also solid if you have a preference for those.
> I want the users who didn't click on the "remember me" button on the login form to have their session erased after closing their browser, whereas everyone else will have a cookie associated with them. So would Gorilla sessions be able to handle both scenarios or should I use something else in this case?
Note that all implementations require a "cookie" - it's just whether the cookie is the self-contained store, or whether it just holds an identifier referring to a row/value in the back-end store.
You can set "session cookies" (i.e. last only as long as the tab/browser session) by setting session.Options.MaxAge = 0
as per this part of the gorilla/sessions docs.
e.g.
func MyHandler(w http.ResponseWriter, r *http.Request) {
session, err := store.Get(r, "session-name")
if err != nil {
http.Error(w, err.Error(), 500)
return
}
// Add your logic to check the r.FormValue for your remember_me checkbox.
// Temporary session
session.Options.MaxAge = 0
// Set some session values.
session.Values["user"] = someUser
// Save it before we write to the response/return from the handler.
session.Save(r, w)
}
Hope that helps.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论